ERROR 1227 (42000) at line NNNNN: Access denied; you need (at least one of) the SUPER privilege(s) for this operation

-
Sometimes you restore a SQL dump in a MySQL database server and bump into the following error:

ERROR 1227 (42000) at line NNNNN: Access denied; you need (at least one of) the SUPER privilege(s) for this operation

This happens when the SQL dump file contains DEFINER clause (to create specific database objects) with user account (a combination of user name and host name) other than yours and your account does not have the SUPER privilege granted.

Let us assume that:
  • SQL dump file is: mysql_dump_file.sql
  • Account that is specified with DEFINER clause in SQL dump file is: `pdxnnxxp1`@`%`
  • Your MySQL User Account is: `your_user_name`@`your_host_name`
To resolve the issue you can:
  1. Remove the DEFINER clause
    • sed -i 's/DEFINER=`pdxnnxxp1`@`%`//g' mysql_dump_file.sql
  2. Remove the DEFINER account with your account
    • sed -i 's/`pdxnnxxp1`@`%`/`your_user_name`@`your_host_name`/g' mysql_dump_file.sql
    • Replace your_user_name and your_host_name with actual values.
I have used the first method to resolve my issue.

NOTE: I have used this process successfully on a 2.3G SQL dump file. It will depend on the resources that you have configured for your machine.

NOTE: It is a good idea to make a copy of your SQL dump file before modifying it.

Repeat the process for each user account that you find in the DEFINER clause across the SQL dump file.

You can search the DEFINER clause in your SQL dump file as follows:

shell> grep DEFINER mysql_dump_file.sql

Sample Output Lines

CREATE DEFINER=`pdxnnxxp1`@`%` PROCEDURE `renewalactivationvalidator`()
CREATE DEFINER=`pdxnnxxp1`@`%` PROCEDURE `renewalinsertactivationcustomattributevalue`()
CREATE DEFINER=`pdxnnxxp1`@`%` PROCEDURE `renewalinsertactivationlicenseattribute`()

You can re-direct the output of the above command to a file for easy analysis.

shell> grep DEFINER mysql_dump_file.sql > mysql_dump_file_definer.log

Here is the story

All stored programs (procedures, functions, triggers, and events) and views can have a DEFINER attribute that names a MySQL account. If the DEFINER attribute is omitted from a stored program or view definition, the default account is the user who creates the object.

In addition, stored routines (procedures and functions) and views can have an SQL SECURITY characteristic with a value of DEFINER or INVOKER to specify whether the object executes in definer or invoker context. If the SQL SECURITY characteristic is omitted, the default is definer context.

Triggers and events have no SQL SECURITY characteristic and always execute in definer context. The server invokes these objects automatically as necessary, so there is no invoking user. 

MySQL uses the following rules to control which accounts a user can specify in an object DEFINER attribute:
  • You can specify a DEFINER value other than your own account only if you have the SUPER privilege.
  • If you do not have the SUPER privilege, the only legal user value is your own account, either specified literally or by using CURRENT_USER. You cannot set the definer to some other account. 
More details at:  Access Control for Stored Programs and Views

Comments

Post a Comment

Back To Top

Popular posts from this blog

How to save video from Internet Explorer

-
How to save video from Internet Explorer Here I am going to share an experience with you, where I was required to get the video file that I was playing in Internet explorer out of Temporary directory and save it to some permanent disk folder. Note: It is far better if you use video download tools with the web browser. Internet Explorer Version: 7.0.6xxx [Open Internet Explorer – Help – About Internet Explorer] Operating System: Windows Vista I was not playing file from you tube [I do not see any tmp file while watching video from youtube.] I found the file in following directory: C:\Users\<UserName>\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low [ Although the directory is not visible in my computer system, so I directly put it in address bar/location bar in windows explorer. ] File name was fla3870.tmp [May be in your system It will be by different name] You have to find the video file by trick technique for example: 1.
Read more

error 18 at 0 depth lookup: self signed certificate

-
I was trying to test SSL connection between MySQL client and server. For that I created SSL certificate and keys by following the MySQL documentation at: Creating SSL Certificates and Keys Using openssl After finishing up all the commands when I verify the certificates by using: openssl verify -CAfile ca.pem server-cert.pem client-cert.pem I got the following output: error 18 at 0 depth lookup : self signed certificate error server-cert.pem: verification failed client-cert.pem: OK  Reason : The Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL. Solution : When OpenSSL prompts you for the Common Name for each certificate, use different names. Common Name (e.g. server FQDN or YOUR name) []: I used values as follows: CA Cert:  ssl-ca-cert Server Cert: ssl-ca-server-cert Client Cert:  ssl-c
Read more

How to check fragmentation in MySQL tables

-
MySQL tables, including MyISAM and InnoDB, two of the most common types, experience fragmentation as data is inserted, updated and deleted randomly. Fragmentation can leave large holes in your table, blocks which must be read when scanning the table. Optimizing your table can therefore make full table scans and range scans more efficient. We will mention how to check fragmentation in MySQL tables using SQL queries. USE < put_your_dbname_here > SELECT TABLE_NAME, CONCAT(ROUND(( data_length + index_length ) / ( 1024 * 1024 ), 2), 'M') TOTAL_SIZE, CONCAT(ROUND(( DATA_FREE ) / ( 1024 * 1024 ), 2), 'M') DATA_FREE FROM information_schema.TABLES where table_schema = database() and ROUND(( DATA_FREE ) / ( 1024 * 1024 ), 2) > 0.00 ORDER BY DATA_FREE DESC; SELECT TABLE_NAME, ROUND(((Data_length - (TABLE_ROWS * Avg_row_length))/Data_length) * 100, 2) FRAG_Percent FROM information_schema.TABLES where table_schema = database() and TABLE_ROWS > 0
Read more